Hackers News

Ivanti ITSM Flaw Grants Attackers Admin Privilege

David Kimber
June 3, 2026

Ivanti has disclosed a high-severity vulnerability within its Ivanti Neurons for ITSM platform. Attackers with valid credentials could exploit this flaw to escalate privileges, ultimately gaining full administrative access.

The flaw, tracked as CVE-2026-9614, affects both cloud and on-premises deployments and has been assigned a CVSS score of 8.8, indicating a significant security risk in enterprise environments. The vulnerability stems from improper access control, categorized under CWE-284.

According to Ivanti, a remote authenticated attacker can exploit this issue without requiring user interaction, enabling unauthorized elevation to administrator-level permissions.

The CVSS vector highlights that the attack can be executed over the network with low complexity and limited privileges, while potentially impacting confidentiality, integrity, and availability.

Ivanti ITSM Vulnerability

Ivanti Neurons for ITSM is widely used for IT service management workflows, including ticketing, asset tracking, and automation.

Administrative access within such platforms can expose sensitive organizational data and allow attackers to manipulate system configurations or create persistent backdoors.

For example, an attacker with compromised low-level credentials could exploit CVE-2026-9614 to elevate privileges and modify user roles, effectively taking control of the ITSM environment. The vulnerability impacts on-premises versions 2025.4 and earlier.

Ivanti has released patches to address the issue in version 2025.4 Patch 1, as well as backported fixes in 2025.3 Patch 1 and 2025.2 Patch 1.

Organizations running affected versions are strongly advised to update immediately through the Ivanti License System portal.

For cloud customers, Ivanti has already applied fixes across all environments. The company confirmed that patches were deployed during updates rolled out on May 24 and 25, specifically in versions 2026.1 Patch 9 and 2026.2 Patch 1.
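A patch-level triage built from the fixed versions listed above, as an added example that is not Ivanti's code or part of the original article. The version-string format, the hostnames in the inventory and the status labels are assumptions made for illustration.

```python
import re

# Minimum fixed patch level per release branch, taken from the article text.
FIXED = {
    "on-prem": {(2025, 2): 1, (2025, 3): 1, (2025, 4): 1},
    "cloud": {(2026, 1): 9, (2026, 2): 1},
}
# The article lists on-premises 2025.4 and earlier as affected.
LAST_AFFECTED_ONPREM = (2025, 4)

# Assumed version string shape: "2025.3" or "2025.3 Patch 1".
_VERSION = re.compile(r"^\s*(\d{4})\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((year, release), patch_level); a missing patch counts as 0."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def triage(deployment, version):
    """Classify one instance against the fixed versions named in the article."""
    branch, patch = parse_version(version)
    fixed = FIXED[deployment]
    if branch in fixed:
        return "patched" if patch >= fixed[branch] else "vulnerable"
    if deployment == "on-prem" and branch < LAST_AFFECTED_ONPREM:
        # Affected, but older than any branch with a backported fix listed.
        return "vulnerable-no-backport"
    return "not-covered-by-advisory"


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("itsm-prod-01", "on-prem", "2025.4"),
    ("itsm-prod-02", "on-prem", "2025.3 Patch 1"),
    ("itsm-legacy", "on-prem", "2025.1 Patch 3"),
    ("itsm-saas", "cloud", "2026.1 Patch 9"),
]


def report(inventory):
    return {host: triage(dep, ver) for host, dep, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {status}")
```

An instance reported as `vulnerable-no-backport` sits on a branch for which the article names no backported fix, so a patch within that branch will not resolve it.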

Additional updates were later issued to resolve a separate logging issue affecting IP address tracking. However, this secondary bug is unrelated to the core vulnerability.

At the time of disclosure, Ivanti stated that there is no evidence of active exploitation in the wild. However, given the ease of exploitation and the potential impact, the company issued an out-of-band security advisory to accelerate remediation efforts.

Ivanti also noted that there are currently no publicly available indicators of compromise associated with this vulnerability.

As a precaution, organizations are encouraged to audit role-based access controls and verify that administrative privileges are restricted to intended users. Misconfigured roles could increase exposure and make exploitation easier.

Security teams should prioritize patching and conduct internal reviews of access permissions within their ITSM deployments. Given the critical role these platforms play in enterprise operations, timely remediation is essential to prevent potential abuse by threat actors.
